DETAILED ACTION

1. This action is responsive to communications: Amendment, filed 12/16/2008;
Information Disclosure Statements, filed 06/19/2008 (duplicates); 08/22/2008; 
12/16/2008. 

2. Claims 1, 2, 5, 6, 9-11, 13-15, 20, 21, 23-25, 30, 31, 33-36, 41, and 44-52 are
pending. Claims 1, 14, and 24 are independent claims.

3. Claim 14 has been amended to overcome the previous rejections of claims 14- 
16, 20, 21, and 23 under 35 U.S.C. 101. 

Information Disclosure Statement 

Regarding the information disclosure statements filed 06/19/2008; 08/22/2008; 
and 12/16/2008; the listings of official communications have been considered but have 
been lined through on the IDS so as not to be listed on the face of any patent issued. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1. Claims 1, 2, 5, 6, 9-11, 13-15, 20, 21, 23-25, 30, 31, 33-36, 41, and 44-52 are
rejected under 35 U.S.C. 103(a) as being unpatentable over Cheng, U.S. Patent
No. 6,067,548, issued May 2000, in view of SiteMinder Policy Server Operations
Guide, Version 4.0 ("SiteMinder"), Netegrity Inc., p. 1-556, published 1997 and
cited in applicant's Information Disclosure Statement filed March 15, 2004, and
further in view of McNally et al. ("McNally"), U.S. Patent No. 6,823,513 B1, issued
November 2004.

Regarding independent claim 1, Cheng teaches a computer-implemented 
method for using workflows, the method comprising: associating workflows with one or 
more domains in an identity system, each domain including one or more entities; 
because Cheng teaches associating workflows in an organizational model with a 
domain using a unique identifier (col. 11, l. 59-27).

Cheng teaches receiving a request to perform a task that affects at least one 
identity profile associated with an entity in said identity system; because Cheng teaches 
a method for using workflows in an identity system, using virtual links to associate a 
workflow with a group that includes a target identity profile (col. 3, l. 15-col. 5, l. 16).
Cheng teaches that the system has organizational objects which are sub-groups of the
enterprise, such as employees and departments (col. 6, l. 40-col. 7, l. 67). Cheng
teaches that the organizational model of the system can be applied in workflow
systems, by using the roles to assign tasks in a workflow system (col. 13, l. 9-col. 16, l.
10; col. 16, l. 10-65).

While Cheng teaches associating workflows in an organizational model with a 
domain using a unique identifier (col. 11, l. 59-27), Cheng does not explicitly teach
determining associations with the domain, however, SiteMinder teaches determining
from said one or more domains, a domain that includes said entity with which said at
least one identity profile is associated; 

determining a set of workflows associated with said domain and capable of 
performing said task; because SiteMinder teaches a policy server, i.e., identity system, 
for associating workflows, i.e., rules for user interaction with system resources, with 
policy domains (p. 235-237) by using SiteMinder responses and entities (Chapter 11, p.
302-304) and creating policies, i.e., workflows, to specify actions that should take place
when users access specific resources, which are tasks and/or software within a domain
that includes entities, i.e., groups, associated with identity profiles (Chapter 12, Policies,
p. 325-328). Specifically, SiteMinder teaches that a policy domain is a logical grouping
of resources associated with one or more user directories, i.e., one or more users of the
system (p. 235, par. 1; p. 235).

Cheng teaches that the user may use a graphical user interface to manipulate 
the organizational objects and tasks (col. 11, l. 52-58; col. 12, l. 64-col. 13, l. 33; Fig. 9,
10), which suggests use of a GUI to assign workflows, but does not explicitly provide
an interface receiving a user selection of a workflow; however, McNally teaches
outputting said set of workflows to a user; receiving from said user a selection of a first
workflow from said set of workflows; because McNally teaches an interface in which an operator
may select a workflow from a selection of workflows (Fig. 5-8; col. 5, l. 65-col. 6, l. 27).

Cheng teaches performing said first workflow for said task, wherein: 

said request includes an identification of said at least one identity profile. Cheng 
teaches the assignment of dynamic roles by using virtual links in the workflow system,
so that the system can determine at run time to whom the task should be assigned (col.
15, l. 37-col. 16, l. 21; especially col. 16, l. 7-21).

Cheng, SiteMinder, and McNally are all directed toward policy and identity 
management for workflows. It would have been obvious to one of ordinary skill in the 
art at the time of the invention to combine SiteMinder, McNally, and Cheng, since it 
would have been obvious to combine the known prior art elements of a workflow system 
with rules corresponding to identity profiles (Cheng), with an identity system associating 
users with domains (SiteMinder), and a graphical user interface allowing selection of 
workflow elements from a list (McNally), according to known methods of programming in 
order to produce predictable results (KSR), and since workflows, user profiles, and 
domains were all database categories managed by either Cheng, SiteMinder, or
McNally, and were therefore data items which could have been combined in one 
system. 

Regarding dependent claim 2, Cheng suggests associating said first workflow 
with said first domain, said step of associating said first workflow includes choosing a 
first entry in a data structure, said data structure is a hierarchical data structure of 
entities in the identity system, said first domain includes said first entry and entries 
below said first entry, because Cheng teaches that the system has organizational 
objects which are sub-groups of the enterprise, such as employees and departments, 
arranged in a hierarchical data structure (col. 6, l. 40-col. 7, l. 67, Fig. 3, 4).

SiteMinder teaches a policy server, i.e., identity system, for associating 
workflows, i.e., rules for user interaction with system resources, with policy domains (p.
235-237) by using SiteMinder responses and entities (Chapter 11, p. 302-304) and
creating policies, i.e., workflows, to specify actions that should take place when users
access specific resources, which are tasks and/or software within a domain that
includes entities, i.e., groups, associated with identity profiles (Chapter 12, Policies, p.
325-328). Specifically, SiteMinder teaches that a policy domain is a logical grouping
of resources associated with one or more user directories, i.e., one or more users of the
system (p. 235, par. 1; p. 235).

Cheng, SiteMinder, and McNally are all directed toward policy and identity 
management for workflows. It would have been obvious to one of ordinary skill in the 
art at the time of the invention to combine SiteMinder, McNally, and Cheng, since it 
would have been obvious to combine the known prior art elements of a workflow system 
with rules corresponding to identity profiles (Cheng), with an identity system associating 
users with domains (SiteMinder), and a graphical user interface allowing selection of 
workflow elements from a list (McNally), according to known methods of programming in 
order to produce predictable results (KSR), and since workflows, user profiles, and 
domains were all database categories managed by either Cheng, SiteMinder, or
McNally, and were therefore data items which could have been combined in one 
system. 

Regarding dependent claims 5 and 6, Cheng teaches that the user can 
request to delete or modify at least one identity profile, because Cheng teaches that the 
identifier and objects of the member class have a life cycle where a member, i.e., 
identity profile can be archived, modified, or deleted (col. 8, l. 1-51; col. 12, l. 27-64).

Regarding dependent claim 9, Cheng teaches that said steps of associating,
receiving and performing are performed by an integrated identity and access system,
because Cheng teaches a system of interconnected databases with multiple servers for
identity and access (Fig. 8, col. 11, l. 4-col. 12, l. 26).

Regarding dependent claim 10, Cheng teaches that a request may be for self- 
registration, because Cheng teaches a user interface for self registration (col. 12, l. 18-64).

Regarding dependent claim 11, Cheng teaches that workflows can delegate 
work, i.e., tasks, to other workflow processes or resources (col. 13, l. 9-col. 15, l. 19).

Regarding dependent claim 13, Cheng teaches wherein said hierarchical data 
structure includes an LDAP directory (col. 15, l. 14-19, Fig. 8).

In regard to independent claim 14, claim 14 reflects the processor readable 
storage devices storing a plurality of instructions used to perform the methods as 
claimed in claim 1, and is rejected along the same rationale. 

In regard to dependent claims 15, 20, 21, and 23, claims 15, 20, 21, and 23 
reflect the processor readable storage devices storing a plurality of instructions used to 
perform the methods as claimed in claims 2, 9, 11, and 13, and are rejected along the 
same rationale. 

In regard to independent claim 24, claim 24 reflects the apparatus used to 
perform the methods as claimed in claim 1, and is rejected along the same rationale.

In regard to dependent claims 25, 30, 31, and 33, claims 25, 30, 31, and 33
reflect the processor apparatus used to perform the methods as claimed in claims 2, 9,
11, and 13, and are rejected along the same rationale.

Regarding dependent claim 34, Cheng teaches managing at least one identity 
profile, because Cheng teaches that the identifier and objects of the member class have 
a life cycle where a member, i.e., identity profile can be archived, modified, or deleted 
(col. 8, l. 1-51; col. 12, l. 27-64).

Regarding dependent claim 35, Cheng teaches wherein managing said at least 
one identity profile comprises one or more tasks selected from creating a user, deleting 
a user, changing a user attribute, creating a group, deleting a group, and changing a 
group attribute, because Cheng teaches that the identifier and objects of the member 
class have a life cycle where a member, i.e., identity profile can be archived, modified, 
or deleted (col. 8, l. 1-51; col. 12, l. 27-64).

Regarding dependent claim 36, Cheng teaches managing certificates 
associated with identity profiles (col. 15, l. 4-19).

Regarding dependent claim 41, Cheng teaches a workflow that has a 
predefined set of steps for performing a task, and that the workflow will modify one or 
more attributes of the target identity profile, because Cheng teaches the assignment of 
dynamic roles by using virtual links in the workflow system, so that the system can 
determine at run time to whom the task should be assigned (col. 15, l. 37-col. 16, l. 21;
especially col. 16, l. 7-21).

Cheng teaches deleting the target identity profile by the workflow, because
Cheng teaches removal of a member object, i.e., target identity profile, corresponding to
a situation where the identity profile is archived or deleted (col. 8, l. 17-37). While
Cheng discloses an improvement over the prior art at col. 8, l. 38-50 in that old identity
profile information may be archived rather than immediately deleted, Cheng also
explicitly discloses deleting member objects as well as virtual links (col. 12, l. 26-53).
Therefore, while Cheng discloses an improvement over prior systems, Cheng also 
discloses that the member object, or target identity profile, may be deleted. 

Regarding dependent claim 44, Cheng teaches wherein said predefined set of 
steps comprising a first step and a second step; 

said first step is performed by a first program; 

said second step is performed by a second program; 

information is passed between said first program and said second program 
according to a defined set of rules: 

Cheng teaches a workflow that has a predefined set of steps for performing a 
task, and that the workflow will modify one or more attributes of the target identity 
profile, because Cheng teaches the assignment of dynamic roles by using virtual links in 
the workflow system, so that the system can determine at run time to whom the task 
should be assigned (col. 15, l. 37-col. 16, l. 21; especially col. 16, l. 7-21). Cheng
teaches modifying attributes of the target identity profile by assigning different role
attributes, for example (col. 13, l. 24-col. 14, l. 65). Cheng teaches that each workflow
comprises a predefined set of steps by more than one program, to perform tasks to 



Application/Control Number: 09/998,895 Page 10 

Art Unit: 2176 

affect the identity profile or group, and passing information between first and second 
programs according to a defined set of rules (col. 16, l. 22-65).

While Cheng does not explicitly teach at least one of the first program and the 
second program is external to the workflow, McNally teaches that at least one of the first 
program and the second program is external to the workflow, because McNally teaches 
that access to program resources outside the workflow can be requested or assigned to 
an operator (col. 5, l. 44-col. 7, l. 52; especially col. 7, l. 3-35).

Cheng teaches that said second program performs a second workflow to modify 
one or more attributes of the target identity profile, because Cheng teaches that each 
workflow comprises a predefined set of steps by more than one program, to perform 
tasks to affect the identity profile or group, and passing information between first and 
second programs according to a defined set of rules (col. 16, l. 22-65; col. 17, l. 5-51).
Cheng teaches the assignment of dynamic roles by using virtual links in the workflow
system, so that the system can determine at run time to whom the task should be
assigned (col. 15, l. 37-col. 16, l. 21; especially col. 16, l. 7-21). Cheng teaches
modifying attributes of the target identity profile by assigning different role attributes, for
example (col. 13, l. 24-col. 14, l. 65).

Cheng, SiteMinder, and McNally are all directed toward policy and identity 
management for workflows. It would have been obvious to one of ordinary skill in the 
art at the time of the invention to combine SiteMinder, McNally, and Cheng, since it 
would have been obvious to combine the known prior art elements of a workflow system 
with rules corresponding to identity profiles (Cheng), with an identity system associating
users with domains (SiteMinder), and a graphical user interface allowing selection of
workflow elements from a list (McNally), according to known methods of programming in
order to produce predictable results (KSR), and since workflows, user profiles, and
domains were all database categories managed by either Cheng, SiteMinder, or
McNally, and were therefore data items which could have been combined in one 
system. 

Regarding dependent claim 45, Cheng teaches that said second program is 
identified in an event catalog of said first workflow, since Cheng teaches a flexible and 
dynamic role resolution in the workflow system because there are a plurality of nodes 
with relationships defined by rules or regular expressions (col. 16, l. 10-65).

Regarding dependent claim 46, Cheng teaches that the event catalog further 
identifies one or more parameters for passing information between the first program and 
the second program, because Cheng teaches that the system queries which resource 
or who should be allowed or assigned to do the task (col. 16, l. 60-65).

Regarding dependent claim 47, claim 47 recites the method of claim 1, wherein 
identifying said set of workflows that perform said task and are associated with said 
domain that includes said entity with which said at least one identity profile is 
associated, further comprises identifying workflows of said set of workflows for which a 
user issuing said request to perform said task is authorized. While Cheng teaches 
associating workflows in an organizational model with a domain using a unique identifier 
(col. 11, l. 59-27), and Cheng teaches user authorization checking at col. 14, l. 6-65,
Cheng does not explicitly teach determining associations with the domain, however,
SiteMinder teaches a policy server, i.e., identity system, for associating workflows, i.e.,
rules for user interaction with system resources, with policy domains (p. 235-237) by
using SiteMinder responses and entities (Chapter 11, p. 302-304) and creating policies,
i.e., workflows, to specify actions that should take place when users access specific 
resources, which are tasks and/or software within a domain that includes entities, i.e., 
groups, associated with identity profiles (Chapter 12, Policies, p. 325-328). Specifically, 
SiteMinder teaches that a policy domain is a logical grouping of resources associated 
with one or more user directories, i.e., one or more users of the system (p. 235, par. 1;
p. 235). 

Cheng, SiteMinder, and McNally are all directed toward policy and identity 
management for workflows. It would have been obvious to one of ordinary skill in the 
art at the time of the invention to combine SiteMinder, McNally, and Cheng, since it 
would have been obvious to combine the known prior art elements of a workflow system 
with rules corresponding to identity profiles (Cheng), with an identity system associating 
users with domains (SiteMinder), and a graphical user interface allowing selection of 
workflow elements from a list (McNally), according to known methods of programming in 
order to produce predictable results (KSR), and since workflows, user profiles, and 
domains were all database categories managed by either Cheng, SiteMinder, or
McNally, and were therefore data items which could have been combined in one 
system. 

Regarding dependent claim 48, claim 48 recites the method of claim 47, 
wherein said at least one identity profile is a static member of a group. Cheng teaches
both static and dynamic task and organization assignment for identity profiles, having
either dynamic or hard coded relationships, using virtual links (col. 9, l. 15-col. 10, l. 61;
especially l. 9-21).

Regarding dependent claim 49, claim 49 recites the method of claim 48, 
wherein said at least one identity profile is identified as a static member of said group 
based on a group identity profile for said group. Cheng teaches both static and dynamic 
task and organization assignment for identity profiles, having either dynamic or hard 
coded relationships, using virtual links (col. 9, l. 15-col. 10, l. 61; especially l. 9-21).

Regarding dependent claim 50, Cheng teaches wherein said at least one 
identity profile is a dynamic member of a group. Cheng teaches both static and 
dynamic task and organization assignment for identity profiles, having either dynamic or 
hard coded relationships, using virtual links (col. 9, l. 15-col. 10, l. 61; especially l. 9-21).

Regarding dependent claim 51, claim 51 recites the method of claim 50, 
wherein said at least one identity profile is identified as a dynamic member of said group 
based on application of a rule defined by a group identity profile for said group. Cheng 
teaches both static and dynamic task and organization assignment for identity profiles, 
having either dynamic or hard coded relationships, using virtual links (col. 9, l. 15-col.
10, l. 61; especially l. 9-21). Cheng teaches rule application defined by expressions, for
the group identity profiles, for example the system will query the organizational system
to determine if an individual is a manager (col. 13, l. 44-col. 14, l. 65).

Regarding dependent claim 52, Cheng teaches wherein said at least one 
identity profile is a nested member of a group. Cheng teaches groups which contain
nested members, which include target identity profiles, for example, Figure 4, element
70 depicts the group "employees" which contains the nested members, elements 78, 80,
and 82: "engineers", "marketers" and "temp", which are all nested members of the 
"employees" group. 

Response to Arguments 

Applicant's arguments with respect to claims 1, 2, 5, 6, 9-11, 13-15, 20, 21, 23-25,
30, 31, 33-36, 41, and 44-52, in regard to the Cheng patent as applied to the claims
(see Remarks, p. 12-15), have been considered but are moot in view of the new 
ground(s) of rejection. The new grounds of rejection includes the SiteMinder reference, 
which is being relied upon in combination with Cheng to teach the newly claimed 
limitations of independent claims 1, 14, and 24: ...receiving a request to perform a task
that affects at least one identity profile associated with an entity in said identity system; 

determining from said one or more domains, a domain that includes said entity 
with which said at least one identity profile is associated; 

determining a set of workflows associated with said domain and capable of 
performing said task;... (see claim 1).

Applicant's arguments filed 12/16/2008 regarding the McNally patent have been 
fully considered but they are not persuasive. 

Applicant argues (see Remarks, p. 15-16) that McNally does not teach the 
limitation of claim 1, outputting said set of workflows to a user; receiving from said user
a selection of a first workflow from said set of workflows; because McNally teaches an
interface in which an operator may select a workflow from a selection of workflows (Fig. 5-8; col.
5, l. 65-col. 6, l. 27). Applicant's arguments are based on a piecemeal analysis of the
references, rather than on the combination of the references, because applicant argues 
that in McNally the list of activities have been assigned to the user but are not 
characterized as being associated with any domain (see Remarks, p. 16, par. 2). 
However, both SiteMinder and McNally disclose GUIs listing domains (SiteMinder) and 
workflow tasks (McNally), and since GUIs could be used to present a selection list of 
designated elements to a user, it would have been obvious to combine the known prior 
art elements of workflow list, domain list, presented by a GUI to produce the predictable 
result of a selection list having selectable workflows and domains, as set forth in the 
rejection of claim 1, above.



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Amelia Rutledge whose telephone number is 571-272- 
7508. The examiner can normally be reached on Monday - Friday 9:30 - 6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Doug Hutton can be reached on 571-272-4137. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Amelia Rutledge/ 
Examiner, Art Unit 2176 



